The controversy over
whether the president has the power to authorize the National
Security Agency to monitor international communications with
terrorists obscures a simple fact: The Foreign Intelligence
Surveillance Act (FISA) is no longer adequate.

Passed in 1978, FISA didn't anticipate the development of global
communication networks or advanced technical methods for
intelligence gathering. Congress should amend FISA to provide for
programmatic approvals of cutting-edge technologies -- including
automated monitoring of suspected terrorist communications.

While pundits and politicians are already passing judgment on the
president's actions, many of their comments are premature. Not
enough is known yet to justify many of the factual assertions and
legal conclusions being offered. And, because of the highly
classified nature of the methods used in this particular program,
the only proper forum for reviewing these actions in detail is in
the appropriate congressional committees with suitable safeguards
for national security and with the full disclosure of all relevant
documents and briefings by the Bush administration.

Nevertheless, what is clear is that the existing FISA procedures
are themselves inadequate to authorize the use of advanced
technical methods against global terrorist threats. The critical
question being overlooked in the partisan bickering is whether
there's a better way to stay one step ahead of the terrorists as
well as protect the liberties of American citizens. There is.

FISA is cumbersome. It requires individual application to a judge
for authorization to target a specific individual or source based
on showing a connection to a foreign power or foreign terrorist.
Although FISA permits applications to be made after the fact in
certain cases, it doesn't provide a mechanism for programmatic
pre-approval of technical methods like automated data analysis.

Automated screening can monitor data to uncover terrorist
connections without human beings ever looking at anybody's emails
or listening in on their phone calls. Only when the computer
identifies suspicious connections or information do humans get
involved. What's needed is a legal mechanism for pre-approving such
methods so that when threats are identified, analysts can move
quickly to provide the kind of "actionable intelligence" that can
prevent terrorist acts. FISA can't do that.

Further, FISA applies to foreign intelligence collection conducted
"within the United States" or against "U.S. persons." However,
advances in information technology together with the borderless
nature of terrorist threats and global communications has made
place-of-collection and U.S. personhood an increasingly unworkable
basis for controlling the collection of intelligence. Indeed, it
may no longer even be technically possible to determine exactly
when a communication is taking place "within the United States" and
no practical means exists to determine if a particular participant
is a U.S. person or not until after further investigation. FISA
does not account for this.

Consider the following case: A computer is recovered in
Afghanistan containing Pakistani e-mail addresses and phone numbers
used by al Qaeda. NSA is told to exploit this intelligence.
Assuming that the interception isn't "within the United States" and
is not intentionally targeting a "U.S. person," FISA isn't
applicable and NSA has full legal authority to monitor the
communications. That's OK.

The debate begins when NSA monitoring uncovers a U.S. connection,
like a U.S. person or phone number communicating with the foreign
source. Under existing rules, U.S. person information collected
collaterally in a legitimate foreign intercept is subject to
"minimization" (shielded from further disclosure) and the U.S.
person cannot be "targeted" without a warrant. That's OK, too.

The problem arises when the initial "monitoring" is conducted by
technical or automated means that use computer analysis to identify
connections, key words or patterns. Only those communications
matching these criteria are then selected for further analysis.
Critics of the current program contend that in all cases where a
U.S. person or U.S. source communication is "intercepted," a
warrant is required.

But how would this work for communications that are technically
intercepted and analyzed but not selected for further
investigation? Would these critics propose that retroactive FISA
warrants be required for all "collection" of U.S. person
information even if analysis showed those communications to be of
no interest? If so, the very fact that they were found to be of no
interest would preclude issuing a warrant.

Yet, without monitoring all the inbound and outbound traffic from
a known terrorist communication node -- like Abu Musab Zarqawi's
cell phone number -- no intelligence can be gained.

FISA must be amended to enable programmatic approvals for
automated monitoring programs, since authorization for practical
reasons cannot be sought on an individual basis even after the
fact. With programmatic approval for the initial automated
screening, existing FISA warrant procedures could then be followed
for targeted monitoring of identified U.S. persons or sources in
appropriate cases where follow-up investigation is needed.

By all means, let us debate who should have the authority to
authorize and oversee such intelligence-gathering programs. But
amid the partisan bickering, let's not forget that someone must do
it -- and that the existing mechanisms are inadequate.

K. A. (Kim) Taipale is the executive director of the Center for
Advanced Studies in Science and Technology Policy. James
Carafanois a senior research
fellow for defense and homeland security atThe Heritage
Foundation.